{"title":"Two-dimensional Intrusion Detection System: A New Feature Selection Technique","authors":"Abid Saber, Moncef Abbas, B. Fergani","doi":"10.1109/IHSH51661.2021.9378721","DOIUrl":null,"url":null,"abstract":"The rapid increase and expansion of cyber-attacks requires the development of new quality tools to reduce, combat, and eventually stop their risks. In this context, an Intrusion Prevention Systems (IPS) is introduced. It is an extended IDS solutions network security technology characterized by adding the ability to block threats and detect vulnerabilities exploits. Unlike its predecessor, the IPS is placed as an inline security component where it actively processes via analyzing and taking automated actions on all traffic flows that enter the network. Needless to say, speed and efficiency are a necessity in the IPS to avoid degrading network performance. On one hand, signature-based detection and statistical anomaly-based detection, two dominant detection methods mechanisms, are responsible for finding exploits whenever statistical features are extracted to characterize network traffic flows. The computation cost of the classifier, therefore, will be overlarge. On the other hand, the feature selection problem, a critical component in reducing features and improving overall classification accuracy, is about a highly complex NP-hard problem in a Data science. In this paper, a novel intrusion detection system is proposed. It is a double-action system with meta-classifier based feature selection as well as an ensemble learning meta-classifier for stacking via cross-validation to prevent overfitting. Therefore, a better subset of informative features for each type of attacks was selected rather than the features common to all attacks. 
Finally, this work, through the several experiments, demonstrates that our proposed model not only reaches high detection rates and significantly reduces false alarms, but also accelerates the learning and the testing process thereby directly contributing to the overall ability to work in online mode and scalability.","PeriodicalId":127735,"journal":{"name":"2020 2nd International Workshop on Human-Centric Smart Environments for Health and Well-being (IHSH)","volume":"191 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-02-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 2nd International Workshop on Human-Centric Smart Environments for Health and Well-being (IHSH)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IHSH51661.2021.9378721","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
The rapid increase and expansion of cyber-attacks requires the development of new quality tools to reduce, combat, and eventually stop their risks. In this context, an Intrusion Prevention System (IPS) is introduced. It is a network security technology that extends IDS solutions by adding the ability to block threats and detect vulnerability exploits. Unlike its predecessor, the IPS is placed as an inline security component where it actively analyzes and takes automated actions on all traffic flows that enter the network. Needless to say, speed and efficiency are a necessity in the IPS to avoid degrading network performance. On one hand, signature-based detection and statistical anomaly-based detection, the two dominant detection mechanisms, are responsible for finding exploits whenever statistical features are extracted to characterize network traffic flows. The computation cost of the classifier, therefore, will be overlarge. On the other hand, the feature selection problem, a critical component in reducing features and improving overall classification accuracy, is a highly complex NP-hard problem in data science. In this paper, a novel intrusion detection system is proposed. It is a double-action system with meta-classifier based feature selection as well as an ensemble learning meta-classifier for stacking via cross-validation to prevent overfitting. Therefore, a better subset of informative features for each type of attack was selected rather than the features common to all attacks. Finally, this work, through several experiments, demonstrates that our proposed model not only reaches high detection rates and significantly reduces false alarms, but also accelerates the learning and the testing processes, thereby directly contributing to the overall ability to work in online mode and to scalability.